Sandbox Attribute Tester
Test different iframe sandbox attribute combinations and see what each permission allows or blocks.
Test URL
or
Permissions
Generated Code
<iframe src="https://example.com" sandbox="allow-scripts allow-same-origin allow-forms" width="100%" height="600"></iframe>
Live Preview
Enter URL or load demo
Currently Blocked
✗Popups & new windows
✗Parent navigation
✗Alert/confirm dialogs
Best Practices
⚠️ Never combine allow-scripts + allow-same-origin - iframe can remove its own sandbox
Start restrictive - Begin with no permissions, add only what's needed
Use CSP too - Combine with CSP headers for defense in depth
Common Configs
Static Content:
sandbox=""Interactive:
allow-scripts allow-formsWidgets:
allow-scripts allow-same-origin allow-popups